OSF's Distributed Computing Environment White Paper 5/13/92 HP and DCE ********** HP has been making significant strides in the area of defining industry accepted standards for distributed computing that gives HP a competitive edge today as our customers move towards open systems and distributed applications. HP has been the leader in offering several solutions, including Network Computing System, HP LAN Manager/X, Passwrd Etc and HP Diskless to Open Software Foundation (OSF) to comprise its Distributed Computing Environment (DCE). These solutions were submitted as part of an integrated technology collection known as DEcorum, which stands for "Distributed Environment Core" software, jointly submitted by HP, IBM, DEC, Transarc, and Locus. HP's role in supplying technology to OSF for DCE integration has positioned us as the leader in providing the most competitive solutions for distributed computing today and in the future. Our work with OSF DCE further validates HP's Team Computing and NewWave Computing strategies. In fact, some of the key product implementations of the Team Computing and NewWave Computing strategies have been endorsed by the OSF DCE definition today. It is important for our computer selling strategy to emphasize with our current and prospective customers the importance of OSF DCE and the major contributions HP made to it. You should be able to confidently demonstrate to your customers that investing in HP guarantees them a stake in the Open Systems environment, more so than any other vendor. In OSF and DCE, one must appreciate that OSF plays a special role in the computer industry. A non-profit company, OSF solicits the input of the entire industry to acquire and develop the technology required to create a vendor-neutral computing environment. Its membership represents every segment of the worldwide computer community -- system vendors, independent software vendors, end users, government agencies, research centers, and universities. OSF has defined the Distributed Computing Environment (DCE) to solve the industry-wide problem of transparent computing in heterogeneous environments, facilitating the creation and use of distributed applications. DCE addresses several business needs including: 1. Interoperability: As computing environments become more heterogeneous, a growing business need is to be able to share and manage data transparently in a heterogeneous network. 2. Ease of development and porting of applications: DCE provides development enablers that provide consistency for VABs and VARS to create distributed customized applications in a heterogeneous environment. 3. Security: As networks grow in complexity and number of users, security requirements have also been growing. DCE provides data and directory security between two or more heterogeneous machines as in a single system. 4. Performance: DCE focuses on distributed processing performance in a distributed heterogeneous network, since from a business need applications need to perform as well in a distributed environment as they do on a single system, despite the network overhead. (In some cases, distributed computing should deliver superior performance to a single system by allowing application tasks to run in parallel on the network). By using the DCE RPC, applications can be optimized to move the processing and data access to systems with the best resources. 5. Availability: Data must be made more available throughout a company, irregardless of where the data is kept. Therefore, it is an objective for DCE to provide the same or better level of availability as a single system. A network of systems has inherent fault-tolerance: if one system fails, another system on the network can potentially take up the work of the failed processor. 6. Scalability: DCE allows a network to grow with minimal impact on performance or administration. Using DCE Global Naming, networks and applications achieve location transparency. The OSF technology DCE includes remote procedure call (RPC), global naming, security, diskless operations, a distributed file system, distributed time synchronization, multiprocessing {threads} support, and future integration with the OSF Distributed Management Environment, or DME. HP formed a partnership with IBM, Transarc, Microsoft, DEC, and and Locus to jointly submit DEcorum in response to the OSF Request for Technology for OSF DCE. DEcorum is a set of integrated software components that provide the functionality required by OSF's Distributed Computing Environment. The following chart outlines the major technology areas of OSF DCE, the DEcorum technology submittals for each area, and the OSF endorcement for each area. As can be seen below, HP clearly played a leadership role in the submittal of technologies, and also came up a winner when one regards the technologies that OSF accepted for inclusion in DCE. ____________________________________________________________________ | What What the Technology | | Technology DEcorum OSF Supplier | | submitted accepted | |_________________________________________________________________ | | | | RPC NCS NCS HP with DEC | | extensions | | | | Security Passwrd Etc Passwrd Etc HP | | Kerberos Kerberos M.I.T. | | | | | | Threads Recommended CMA DEC | | P-threads on CMA | | | | Time Recommended DTS DTS DEC | | | | Naming NCA Naming CDS DEC, with RPC | | interfaces | | from HP | | Distributed AFS DFS Transarc | | File System | | | | PC LM/X LM/X HP/Microsoft | | Integration PC/NFS SUN | | | | X.500 No DIR-X Siemens | | submission | | | | Diskless HP Diskless HP Diskless HP | | Operation | | PC/NFS SUN | | | |__________________________________________________________________| HP is a leader in providing the technology accepted by OSF for DCE. This includes support for the RPC, the security component, diskless operation, and naming facilities. The distributed file service, DFS, includes HP's NCS enhancements as well. HP not only earned acceptance of its proposals, it also has products to back them, as shown by the chart below: Availability Technology Domain HP-UX MPE/ix ---------- ------ ----- ------- NCS NCS 1.5.1 Now NCS 1.5.1 Now NCS 1.5.1 on MPE 4.0 Diskless UNIX support ----- NOW ----- LAN MANAGER ----- NOW LAN MANAGER API's Passwrd, Etc. NOW Future ------ As can be seen above, HP has taking the lead for providing major components of OSF DCE even before OSF DCE will be available. HP is committed to support OSF DCE on HP-UX multiuser systems and workstations as soon as possible after OSF DCE source is provided to licensers. OSF DCE components are also actively being investigated and brought to MPE/ix. DCE Product Availability DCE Core Developer's Environment: Includes NCS RPC, Cell Directory Service, Distributed Time Service, Security Service and threads will be available on both HP/UX and MPE. HP/UX Core release will be in the fall of 1992. MPE/ix will follow about six months later with availability in the spring of 1993. DCE End-User services including the Distributed File System and Discless will follow in subsequent releases in 1993 for HP/UX. They are being investigated for MPE. In addition, both HP/UX and MPE/ix will be launching early access programs prior to actual product release. Contact the Network Sales Center for information on these programs. NOW WHAT DOES THAT MEAN TO YOUR CUSTOMER? ----------------------------------------- Migration to OSF DCE will not be a problem on HP-UX. since several of the key components of OSF DCE are available today or in the near future. In addition, several of the components of OSF DCE, such as Discless, Passwrd, Etc, and DFS are "turnkey" solutions, not requiring additional programming by your customer. Some DCE components, such as NCS, can be used as tools by ISVs and end-user customers for customized distributed computing that best fits the particular business needs of the end-user. DCE provides standard API's; NCS RPC and the directory API called XDS so that developers can develop DCE Distributed applications and port them easily on any platform supporting DCE. TECHNOLOGY OVERVIEW ------------------- 1. Remote Procedure Call -- HP's NCS allows individual procedures in an application to run on a computer(s) elsewhere in the network. OSF accepted NCS as the RPC mechanism supporting direct calls to procedures on remote systems, enabling programmers to develop distributed applications easily in multi-vendor, multiple system environments. NCS features include: 1. Data type conversion between dissimilar machines. In NCS, a receiving procedure needs to convert data representations only when the sending machine's data types differ. 2. Transport independence and transparency. NCS does not rely upon any transport-layer features such as error correction and detection. This allows it to run over unreliable transports, such as UDP. With version 2.0, connection oriented transports such as ISO TP4 are supported. 3. Location independence. NCS determines at runtime where network resources are, such as remote sub-procedures and databases. Some other things you should know about NCS: 1. NCS is popular as an RPC because it follows local procedure call semantics more closely than other RPCs. This makes it easier for application developers to quickly pick up and learn. 2. Using NCS, no performance is lost due to unnecessary data translation. Only when data conversion is necessary, does NCS translate from the sending procedure's format directly into the receiving procedures format. 3. NCS 2.0 is well positioned to take advantage of ISO protocol standards as they emerge. NCS 2.0 supports OSI presentation layer negotiations for data representation format. NCS 2.0 can also operate over the ISO/TP4 transport protocol. And NCS 2.0 supports environments using global naming services such as ISO/CCITT X.500 name services. 4. NCS was chosen by OSF over other RPCs such as ONC RPC from SUN and RPCTool from Netwise because: . ONC imposes limits on the size and number of arguments that can be passed between applications and remote sub-procedures,. whereas NCS imposes no such limits. . RPCTool provides too many "hooks" for programmers to customize the RPC, leading to incompatible versions of the protocol and defeating the purpose of providing a standard. By contrast, NCS does not leave doors open to interpretation by programmers. . ONC has no mechanism to send and receive indeterminate- length streams of data, whereas NCS is totally flexible. . ONC has no general POSIX threads integration which provides multi-tasking capabilities -- an important feature for executing more than one remote procedure in parallel. NCS complies with POSIX. HP Plans regarding NCS ---------------------- . NCS version 1.5.1 is now available for HP-UX and MPE/ix platforms, along with Domain systems. This version of HP is committed to NCS 2.0 on all MPE XL and HP-UX platforms with our first releases of DCE. 2. OSF SECURITY --- -------- OSF's Distributed Computing Environment provides security services. This includes: a) authentication, b) authorization, and c) user registry. A) Authentication -------------- Authentication verifies the identity of the user requesting the service. In effect, this service proves to the system you are who you say you are. An analogy might be an HP picture ID proving your identity and right to enter an HP site. OSF's distributed Security Service incorporates an authentication service based on the Kerberos system from MIT's Project Athena. Kerberos is a trusted service that validates the identity of a user or service, preventing fraudulent requests. The OSF Security Service is also integrated with the NCS RPC. NCS secures communication in the distributed environment by allowing detection of message corruption. It also guarantees the privacy of confidential information. B) Authorization ------------- After users are authenticated, they must receive authorization to use resources, such as files. The Authorization facility gives applications the tools they need to determine whether a user should have access to resources. It also provides a simple and consistent way to manage access control information. This Authorization service includes authorization checks based on the POSIX conformant access control lists. They provide other administration tools including a registry database that tracks authorization information associated with users. The Authorization service uses the Kerberos format to provide a record that authenticates a client to a service. The record contains the client's identity, a time stamp, and an encryption key known to the client and the service being requested. C) User Registry ------------- The User Registry ensures the use of unique user names and passwords across the network, guarantees the accuracy and consistency of this information at all sites, and provides security for updates and changes. It is based on Passwrd Etc from HP and is integrated with Kerberos to provide security. Passwrd Etc provides: . a central repository of user account information, eliminating the potential for conflicts in logins and passwords. . consistency of login ID, password, and group affiliations across different vendor platforms. . replication and partitioning of User Registry database across the network, providing high availability and high performance. . scalability into the tens of thousands of users and/or machines, with database management tools to ease the administration burden. HP Plans for Security --------------------- For user registry, HP provides Passwrd Etc. on Domain workstations and HP-UX platforms with release 8.0. Authentication and Authorization OSF services are planned for support on MPE/ix and HP-UX workstations with our first release of DCE. 3. THREADS ------- The Threads Service includes operations to create and control multiple threads of execution in a single process and to synchronize access to global data within an application. The Threads Service is ideally suited to dealing with multiple clients in client/server-based applications, because a server process using threads can handle many clients at the same time. The Threads Service is based on Concert Multithread Architecture (CMA) software from Digital and supports the POSIX 1003.4a interface specification. HP has publicly endorsed the P-threads on CMA to OSF. The Threads Service is built into a number of the DCE components, including NCS RPC, Security, Naming, Time and the Distributed File Services. HP/UX will support Threads with the first release of DCE. On MPE/ix kernel threads will be supported with the first release of DCE. 4. OSF's TIME SERVICE ------------------ OSF's Time Service is based on DECdtc and is a software-based service which synchronizes each computer to a widely-recognized time standard. This Time Service is required in a distributed application environment since different distributed components obtain time from clocks on different computers. A distributed service regulates the system clocks in a computer network so that they closely match each other, providing accurate time for distributed applications. OSF's Time Service software uses Kerberos authentication, and is layer on NCS RPC. Status of Time Service ---------------------- DEC is submitting the Time Service technology for OSF DCE which will be built upon OSF1 with NCS 4.0 and Kerberos. The integration is expected to be complete by the first release of DCE. 5. Naming ------ OSF's Distributed Naming Service actually consists of two parts; CDS, or Cell Directory Service and GDS, or Global Directory Service which is based on X.500. OSF's Distributed Naming Service provides a single naming model throughout the distributed environment. This allows users to identify by name resources such as servers, files, disks, or print queues, and get access to them without needing to know where they are located in a network. The OSF Cell Naming Service, CDS, implemented on top of NCS RPC is seamlessly integrated with the X.500 global naming system,GDA, and is integrated with the Security Service. The software supporting the global naming is based on DIR-X from Siemens and offers full X.500 functionality through the X/Open Directory Service API and through a standard management interface. The Naming Service can also create and maintain multiple copies of critical data, assuring high availability throughout the network despite hardware failures. Caching of name lookups is provided to speed up subsequent lookups of the same name. Finally, like the other OSF DCE services, the Naming Service is fully scalable, supporting small as well as very large networks of computers and end users. Status of the Naming Service ------ -- --- ------ ------- Siemens supplied the DIR-X software for integration into the OSF DCE offering. DEC supplied the DCE Cell Directory Service, or CDS. 6. The OSF Distributed File System ------------------------------- The OSF Distributed File System is based on the Andrew File System (version 4.0) from Transarc which solves the problem of accessing remote files regardless of where the files reside in the network, which may be local or wide-area. The Distributed File Service gives users a uniform name space, file location transparency, and high availability, via replication. Essentially, the file system emulates the same behavior as local file systems, providing access to files anywhere in the network for any user, with the same filename for all. This File System is also POSIX compliant, including file access and sharing semantics (POSIX 1003.1a Portable Operating System Interface) and access control lists (POSIX 1003.6 Security Interface). The File System is also based on diskless technology from HP, accommodating diskless workstations allowing low-cost workstations to use disks on servers instead of expensive local disks. Caching is utilized with the OSF Distributed File System, allowing file sections to be transferred as needed, cached, and stored either on the local disc or in main memory on the client machine. The benefits from this include: . More clients per server since a very large number of concurrent requests from clients may be handled by a single server since there is lower overhead on the server. . Higher-performance for the end user accessing distributed data. HP Status on AFS ---------------- The Andrew File System (version 4.0) is being supplied by Transarc to OSF for integration. This is the basis for DCE's DFS, Distributed File System. HP is providing DFS on their HP/UX platforms in 1993. DFS for MPE/ix is being investigated. SUMMARY ------- In summary, some highlights to remember regarding OSF DCE include: . Security -- OSF DCE security is designed to provide at least the same security protection provided on a single system, if not better. . UNIX User familiarity -- OSF DCE relies upon UNIX semantics, where a minimal amount of training is required to use OSF DCE software for distributed programming and file management. . High performance -- OSF DCE is designed to address the need for high performance in a distributed computing environment, utilizing features such as caching and data streaming. . Interoperability/Portability -- OSF DCE is portable to UNIX and proprietary systems, and is backed by the OSF whose membership represents every segment of the worldwide computer community. This membership includes system vendors such as IBM, DEC, Microsoft, and HP, as well as independent software vendors, end users, government agencies, research centers, and universities. . High availability -- OSF DCE provides high data availability via caching, data replication, data streaming, data access methods such as token passing, and error detection and recovery for the loss of network connection or server computer. . Standards adherence -- OSF provides a set of standards for enabling distributed computing that developers and system adminstrators can rely on from all platforms, thus reducing training and development time and costs. HP has taken the leadership role in providing technology for OSF DCE and currently has several key components of OSF DCE technology on the market. HP is in the best vendor position to provide our customers with OSF technology today and in the future. HP is committed to providing high-quality DCE products starting this year and continuing throughout with DCE developer's kits, Distributed file systems and DCE end-user services and DME solutions in the future. Questions and Answers: --------------------- 1. Why did OSF chose AFS over NFS as the winning technology for the distributed file system component of OSF DCE? ANSWER: OSF chose AFS from Transarc because it exceeds the criteria OSF defined for the distributed file system component of the distributed computing environment. Specifically, AFS provides these features over and above NFS functionality: a. It allows users to address files with the same pathname from anywhere in the system, regardless of the computer they are using. It provides transparent access to local and remote files. b. AFS hides the complexity of the distributed file system from system managers. For each cell, which is a configured collection of servers and clients, only one administrator is needed to manage, monitor, and maintain the coherent AFS environment. Online backup tools are provided. c. Access control mechanisms protect the files and directories by enforcing uniformity inside a cell. Appropriate security mechanisms for connections to other configured cells also are provided. d. AFS provides high availability of all accessible data resources. Access to files and directories inside a cell is not interrupted by single server failures. AFS also makes replicated units (filesets) of file systems available for read access. e. The file server is designed to serve a very large number of concurrent requests with good performance. Sections of files are transferred as needed and can be cached on the client machine. f. The file server is designed to work in a wide area network configuration. 2. Is there any guidelines that OSF specifies on why one would go with LM/X versus PC/NFS for PC integration? ANSWER: Although both PC/NFS and LM/X provide similar capabilities (that is, file and print services), OSF does not believe its endorsement of both sets of interfaces and protocols is contradictory. PC/NFS provides a set of protocols used mainly in the workstation market, and LM/X offers protocols for use mainly by MS-DOS and OS/2 systems. The two markets can be perceived as two distinct market arenas that require separate solutions. The OSF evaluation identified the following functional differences between LM/X and PC-NFS: a. The LM/X print capabilities are complete. That is, not only does LM/X support queuing of files to be printed, it also supports other administrative capabilities such as listing the queues, removing jobs from the queues, and starting and stopping them. b. The LM/X management capabilities are complete. LM/X supports a tailorable configuration file (to control characteristics such as session disconnect timer, process resource limits, and security mode). c. The LM/X file service supports remote mounted directories such as NFS or AFS. In other words, LM/X has access to files that have been mounted by these file services. 3. Can you describe the process in which the submitted technologies were selected by OSF for DCE? ANSWER: OSF used the Request for Technology (RFT) process as the means to evaluate the technologies submitted for the Distributed Computing Environment offering. OSF actively solicits member input in the preparation of the RFT as well as in the review of the proposals submitted. This process rests on four basic processes: 1. Member Special-Interest Groups. Made up of experts from member companies, SIGs have a powerful voice in the open process, helping to define the scope and requirements for Requests for Technology as well as suggesting preliminary evaluation criteria. 2. Open Technology Acquisition. Through the RFT process, OSF solicits and evaluates proposals from the worldwide computer industry as well as educational institutions, government agencies, and end users. All OSF members, submitters of technology, and other interested parties are invited to contribute ideas on technological and market needs as well as recommend evaluation criteria. At RFT review meetings, OSF accords non-members who have submitted proposals the same privileges members enjoy. Taking into consideration the recommendations of its membership as well as those of non- member submitters, industry consultants, and standards groups, OSF selects technology for use in its open computing environment. 3. Member Meetings. OSF regularly meets with its membership to exchange ideas on open systems technology. In addition, members review proposals submitted through the RFT process and provide input to OSF evaluation teams. 4. Equal and Timely Access to Technologies under Review and Development. OSF's RFT and development processes provide members timely access to open systems technologies. Copies of code still under development, called snapshots, enable members to evaluate the software, develop their own applications in parallel with the efforts of OSF, and port the software to their systems. OSF's snapshot program thus ensures rapid transfer of technology to the industry. 4. When will HP have DCE Products and on what platforms? HP will be providing DCE solutions on both HP/UX and MPE/ix. The first HP/UX products will be available in the fall of 1992. The first MPE/ix products will be available in the spring of 1993. These products will consist of the NCS RPC, Timing, Cell Directory Service, Global Directory Agent {for integration of CDS with DNS}, Distributed Time Service, Security and Threads. *********************************************************************** If you have additional questions for any portion of this white paper, please contact: Network Sales Center telnet 447-4444